pith. sign in

arxiv: 2605.05774 · v2 · pith:BHJLVHSWnew · submitted 2026-05-07 · 💻 cs.CR · cs.DC

SuperPaymaster: Eliminating Centralized Signer Authority via Asset-Oriented Abstraction to Reconcile Usability and Decentralization in Account Abstraction

Huifeng Jiao , Nathapon Udomlertsakul This is my paper

Pith reviewed 2026-05-08 09:28 UTC · model grok-4.3

classification 💻 cs.CR cs.DC
keywords ERC-4337paymasteraccount abstractiongas sponsorshipsoulbound tokendecentralizationsmart accounts
0
0 comments X

The pith

Asset-Oriented Abstraction removes the centralized off-chain signer from ERC-4337 paymaster sponsorship.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Most production ERC-4337 Paymasters rely on a centralized server that signs each sponsorship request, creating a potential censorship bottleneck. This paper proposes Asset-Oriented Abstraction, which moves the payment capability into a persistent user-owned on-chain asset called the Gas Card. Sponsorship validity is then checked against Soulbound Token state and fixed deterministic policy rules rather than an off-chain signature. The authors deployed SuperPaymaster on Optimism Mainnet and measured gas costs for ERC-20 transfers, finding that the architecture replaces external liquidation paths with internal balance updates. This approach is presented as a way to ease the tension between usability, decentralization, and economic efficiency in account abstraction.

Core claim

SuperPaymaster demonstrates that sponsorship validity can be anchored entirely in on-chain Soulbound Token state and deterministic policy rules through a Gas Card asset, eliminating the off-chain signer as a hard validity gate while producing lower pure L2 execution gas than several commercial baselines for single-UserOp ERC-20 transfers.

What carries the argument

The Gas Card, a persistent user-owned on-chain asset whose sponsorship rights are validated by Soulbound Token state and deterministic policy rules instead of an off-chain signature.

If this is right

  • Sponsorship decisions become independent of any single off-chain entity and are enforced directly by on-chain state.
  • ERC-20 transfer operations can avoid the gas overhead of external liquidation by performing internal balance updates.
  • Non-cooperative relayers can be bypassed when an alternative relayer is available, as shown in failover simulation.
  • Total billed gas remains partly determined by bundler pricing, but the paymaster architecture itself contributes measurable execution savings.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Gas Cards could become transferable on-chain assets, allowing users to sell or delegate sponsorship capacity.
  • The asset-oriented model might extend to other sponsored operations such as oracle calls or cross-chain actions.
  • Future account abstraction standards could prioritize asset-based validation over process-based signing to reduce reliance on off-chain parties.

Load-bearing premise

On-chain Soulbound Token state combined with deterministic policy rules can fully replace off-chain signing for sponsorship validity without introducing new attack surfaces, centralization points, or usability regressions.

What would settle it

A production deployment in which a majority of relayers refuse SuperPaymaster UserOps despite correct on-chain state, or a measurable exploit that forces sponsorship of an invalid operation through the Gas Card rules.

Figures

Figures reproduced from arXiv: 2605.05774 by Huifeng Jiao, Nathapon Udomlertsakul.

Figure 1
Figure 1. Figure 1: Standard ERC-4337 Paymaster Architecture. The centralized API server and signer (red, dashed) form the censorship bottleneck for gas sponsorship. An optimal solution must reconcile an intuitive user experience (analogous to a prepaid card) with decentralized on-chain verification. This paper introduces Asset-Oriented Abstraction (AOA) as that reconciliation. By encapsulating payment permission within an on… view at source ↗
Figure 2
Figure 2. Figure 2: Conceptual Comparison. Traditional POA (red) requires an off-chain server to sign every transaction; SuperPaymaster (blue) validates sponsorship purely on-chain based on the user’s Gas Card. 1.2. Research Questions and Contributions—This research aims to design, implement, and evaluate SuperPaymaster to answer: • RQ1: How does AOA achieve removal of the off-chain paymaster signer as a hard validity gate at… view at source ↗
Figure 3
Figure 3. Figure 3: Standard ERC-4337 Architecture. The EntryPoint coordinates validation between the Smart Account and optional Paymaster. EIP-770223 in the Prague/Electra (Pectra) upgrade (activated May 7, 2025), which allows existing EOAs to temporarily function as smart accounts,24 alongside Passkeys/WebAuthn and Wallet￾as-a-Service.25–27 Emerging protocol-level proposals for Native AA include RIP-756028 with supporting s… view at source ↗
Figure 4
Figure 4. Figure 4: Paymaster market concentration by UserOps volume. (Data source: Bundle￾Bear ERC-4337 Paymasters,8 retrieved February 2026.) 2.3.3. Cost and Scalability Considerations—High AA gas costs on Layer 1 necessitate Layer 2 deployment. Thibault et al.44 show that rollups reduce fees by 20–100× relative to Ethereum Mainnet, so we target L2 and report efficiency primarily in L2 execution gas units, complemented by r… view at source ↗
Figure 5
Figure 5. Figure 5: Paymaster market concentration by gas spend. (Data source: BundleBear,8 retrieved February 2026.) chain paymaster-signer authority from the sponsorship validity path. POA solutions trade trust-boundary size for convenience through centralized intermediaries; EOA models preserve decentralization but fail on usability. SuperPaymaster targets this gap through Asset-Oriented Abstraction instantiated as a Gas C… view at source ↗
Figure 6
Figure 6. Figure 6: SuperPaymaster three-layer architecture. Sponsorship validity is enforced at the Protocol Layer; the Service Layer handles inclusion, not authorization. 12 view at source ↗
Figure 7
Figure 7. Figure 7: Contract dependency graph. Arrows indicate read/callback dependencies between on-chain contracts. 14 view at source ↗
Figure 8
Figure 8. Figure 8: Core object relationships across the Asset, Protocol, and Service layers view at source ↗
Figure 9
Figure 9. Figure 9: Service discovery flow via ENS resolution and Registry lookup. 15 view at source ↗
Figure 10
Figure 10. Figure 10: Open Community Mode: permissionless Gas Card and gas token issuance flow view at source ↗
Figure 11
Figure 11. Figure 11: Economic circulation: community gas sponsorship creates a positive-sum engagement loop. transaction (∼46,000 gas saved per first interaction). 2. Zero on-chain swap. Commercial ERC-20 paymasters must swap user tokens to ETH via on-chain DEX during postOp (+∼150,000 gas); SuperPaymaster burns the user’s xPNTs and transfers the equivalent aPNTs to the protocol treasury in a single atomic postOp step, avoidi… view at source ↗
Figure 12
Figure 12. Figure 12: Developer journey: SDK integration via ENS entry point simplifies pay￾master selection. 17 view at source ↗
Figure 13
Figure 13. Figure 13: Multi-dimensional friction comparison across three workflows on three dimensions (Steps, Cognitive Load, Cost; lower is better). The three bar groups, from highest to lowest friction, correspond to: EOA-direct (red, scores 10/9/9), POA paymaster (amber, 4/6/7), and AOA Gas Card (green, 2/2/3). Scores are GOMS-derived ordinal estimates over the workflows analyzed in §5.2, not absolute units view at source ↗
Figure 14
Figure 14. Figure 14: L2 gas used (mean values) for each operation type (95% CIs in view at source ↗
read the original abstract

Most production ERC-4337 Paymasters rely on Process-Oriented Abstraction (POA): a centralized off-chain server signs each sponsorship request, acting as a potential censorship bottleneck. We propose Asset-Oriented Abstraction (AOA), encapsulating payment capability in a persistent, user-owned on-chain asset -- the Gas Card -- rather than an off-chain signing process. Following the Design Science Research (DSR) methodology, we implement SuperPaymaster on Optimism Mainnet, anchoring sponsorship validity in on-chain Soulbound Token state and deterministic policy rules, removing the off-chain signer as a validity gate. We evaluate gas costs via single-UserOp ERC-20 transfers on Optimism Mainnet (n = 50 per system). In pure L2 execution gas (txGasUsed; actualGasUsed = txGasUsed + PVG), SuperPaymaster (167,830) is lower than both evaluated POA baselines: Alchemy Gas Manager (205,951) and Pimlico ERC-20 paymaster (328,937). It still pays a ~32,000-gas on-chain verification overhead versus Alchemy, but reduces gas by 49% versus Pimlico by replacing on-chain token liquidation with an internal balance update. In total billed gas, SuperPaymaster (286,818) exceeds Alchemy (257,299) due to higher bundler PVG overhead, not paymaster architecture. Code structural analysis and on-chain Mainnet evidence confirm that sponsorship validity requires no off-chain signing server: validatePaymasterUserOp reads only on-chain state. These findings suggest that AOA can mitigate the usability-decentralization-efficiency trade-offs in gas payment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper claims that most ERC-4337 Paymasters rely on Process-Oriented Abstraction (POA) with centralized off-chain signers that create censorship risks. It proposes Asset-Oriented Abstraction (AOA) that instead anchors sponsorship in a persistent user-owned on-chain 'Gas Card' asset implemented via Soulbound Tokens (SBTs) and deterministic policy rules. The authors describe an implementation called SuperPaymaster deployed on Optimism Mainnet, report gas-cost measurements for single-UserOp ERC-20 transfers (n=50 per system) showing a 32k-gas delta and a 49% reduction versus one baseline (167830 vs 328937 gas), and include a relayer failover simulation. The central claim is that AOA eliminates the off-chain signer as a hard validity gate while reconciling usability, sponsorship decentralization, and economic efficiency.

Significance. If the central security and decentralization claims hold, the work would provide a concrete alternative architecture for paymasters that reduces reliance on off-chain trusted parties, potentially improving censorship resistance in account abstraction deployments. The mainnet implementation and trace-level gas decomposition offer practical data points. Credit is due for the reproducible on-chain measurements and the failover simulation that directly tests one aspect of decentralization.

major comments (2)
  1. [Evaluation] The central claim that on-chain SBT state combined with deterministic policy rules fully replaces off-chain signing without introducing new attack surfaces, centralization points, or usability regressions is not supported by any contract-level access-control audit, formal validation model, or adversarial analysis. The Evaluation section reports only gas deltas for ERC-20 transfers and a relayer failover simulation; these do not address potential bypasses via state races, front-running, unauthorized asset transfers, or issuer-controlled SBT revocation.
  2. [Evaluation] The gas-cost comparisons (167830 vs 328937 and the 49% reduction claim) are presented for n=50 tests on Optimism without error bars, variance statistics, or full methodology details on test selection and measurement. While not the sole basis for the decentralization claim, these numbers are used to support the economic-efficiency component of the reconciliation argument and therefore require clearer statistical grounding.
minor comments (1)
  1. [Abstract] The abstract and Evaluation section would benefit from explicit statements on the exact policy-rule immutability guarantees and whether any external calls or oracles are used in validation logic.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments. We address each major comment point by point below, providing clarifications where appropriate and committing to specific revisions that strengthen the manuscript without overstating its current scope.

read point-by-point responses

  1. Referee: [Evaluation] The central claim that on-chain SBT state combined with deterministic policy rules fully replaces off-chain signing without introducing new attack surfaces, centralization points, or usability regressions is not supported by any contract-level access-control audit, formal validation model, or adversarial analysis. The Evaluation section reports only gas deltas for ERC-20 transfers and a relayer failover simulation; these do not address potential bypasses via state races, front-running, unauthorized asset transfers, or issuer-controlled SBT revocation.

    Authors: We agree that the current Evaluation section does not include a contract-level access-control audit, formal validation model, or comprehensive adversarial analysis, and that the reported gas measurements and failover simulation alone do not fully address the listed attack vectors. The manuscript's central claim rests on the architectural shift to on-chain SBT state and deterministic policy rules as the validity gate, which by design removes the off-chain signer. In the revised manuscript we will add a dedicated Security Considerations subsection to the Evaluation section. This subsection will explicitly discuss the potential attack surfaces raised (state races, front-running, unauthorized asset transfers, and issuer-controlled SBT revocation) and explain the mitigations provided by SBT non-transferability, on-chain policy enforcement, and the absence of an off-chain validity oracle. While we cannot retroactively supply a formal verification or external audit, the added discussion will clarify the security properties that follow from the on-chain anchoring and will acknowledge remaining limitations. We view this as a partial but substantive response that directly engages the referee's concern. revision: partial

  2. Referee: [Evaluation] The gas-cost comparisons (167830 vs 328937 and the 49% reduction claim) are presented for n=50 tests on Optimism without error bars, variance statistics, or full methodology details on test selection and measurement. While not the sole basis for the decentralization claim, these numbers are used to support the economic-efficiency component of the reconciliation argument and therefore require clearer statistical grounding.

    Authors: We accept that the gas-cost presentation requires clearer statistical grounding. The figures derive from 50 independent single-UserOp ERC-20 transfer executions per system on Optimism Mainnet, with trace-level decomposition used to isolate the 32 k-gas delta. In the revised manuscript we will augment the Evaluation section with (i) error bars showing standard deviation, (ii) explicit reporting of mean, variance, and range for each configuration, and (iii) an expanded methodology paragraph detailing test selection criteria, baseline deployment versions, measurement tooling, and environmental controls. These additions will provide the requested statistical context while preserving the architectural interpretation of the results. revision: yes

Circularity Check

0 steps flagged

No circularity; claims rest on direct implementation, gas measurements, and simulation

full rationale

The paper implements SuperPaymaster on Optimism Mainnet following Design Science Research, anchors validity in on-chain SBT state plus deterministic policies, and evaluates via 50 single-UserOp ERC-20 transfer measurements plus a relayer failover simulation. No equations define a quantity in terms of itself, no fitted parameters are relabeled as predictions, and no self-citations supply the load-bearing justification for the architecture or results. The derivation chain consists of concrete on-chain code, trace-level gas decomposition, and empirical deltas that are independently verifiable from the deployed contracts and reported runs.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 2 invented entities

The central claim depends on standard ERC-4337 and L2 assumptions plus newly introduced entities whose security is not independently evidenced beyond the described implementation.

axioms (2)
  • domain assumption ERC-4337 provides a secure and functional base for account abstraction and paymasters.
    The proposal extends the standard without re-deriving or auditing its core properties.
  • domain assumption Soulbound Tokens can serve as reliable, persistent on-chain state for sponsorship decisions.
    Used as the anchor for validity without additional proof of their properties in this context.
invented entities (2)
  • Gas Card no independent evidence
    purpose: Persistent user-owned on-chain asset that encapsulates payment capability for sponsorship.
    Core of AOA; no external evidence or prior adoption cited.
  • Asset-Oriented Abstraction (AOA) no independent evidence
    purpose: New abstraction model that shifts sponsorship from off-chain processes to on-chain assets.
    Defined in contrast to POA; no independent validation outside the paper.

pith-pipeline@v0.9.0 · 5578 in / 1597 out tokens · 38578 ms · 2026-05-08T09:28:43.349583+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.